java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.jwt.JwtRealm
All Implemented Interfaces:
Closeable, AutoCloseable, Comparable<Realm>, org.elasticsearch.core.Releasable, CachingRealm, ReloadableSecurityComponent

public class JwtRealm extends Realm implements CachingRealm, ReloadableSecurityComponent, org.elasticsearch.core.Releasable
The JWT realm supports JWTs as bearer tokens for authenticating to Elasticsearch. For security, it is recommended to authenticate the client too.
  • Method Details

    • initialize

      public void initialize(Iterable<Realm> allRealms, XPackLicenseState xpackLicenseState)
      If X-Pack licensing allows it, initialize delegated authorization support.
      Overrides:
      initialize in class Realm
      Parameters:
      allRealms - List of all realms containing authorization realms for this JWT realm.
      xpackLicenseState - X-Pack license state.
    • close

      public void close()
      Clean up JWT cache (if enabled). Clean up HTTPS client cache (if enabled).
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface org.elasticsearch.core.Releasable
    • lookupUser

      public void lookupUser(String username, ActionListener<User> listener)
      Specified by:
      lookupUser in class Realm
    • expire

      public void expire(String username)
      Specified by:
      expire in interface CachingRealm
    • expireAll

      public void expireAll()
      Specified by:
      expireAll in interface CachingRealm
    • token

      public AuthenticationToken token(ThreadContext threadContext)
      Specified by:
      token in class Realm
    • supports

      public boolean supports(AuthenticationToken jwtAuthenticationToken)
      Specified by:
      supports in class Realm
    • authenticate

      public void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener)
      Specified by:
      authenticate in class Realm
    • usageStats

      public void usageStats(ActionListener<Map<String,Object>> listener)
      Overrides:
      usageStats in class Realm
    • reload

      public void reload(Settings settings)
      Description copied from interface: ReloadableSecurityComponent
      Called when a reload security settings action is executed. The reload operation must be completed when this method returns. Strictly speaking, the settings argument should not be accessed outside of this method's call stack, as any values stored in the node's keystore (see SecureSetting) will not otherwise be retrievable.

      There is no guarantee that the secure settings' values have actually changed. Hence, it is up to the implementor to detect whether the actual internal reloading is necessary.

      Any failure during the reloading should be signaled by raising an exception.

      For additional info, see also: ReloadablePlugin.reload(Settings).

      Specified by:
      reload in interface ReloadableSecurityComponent
      Parameters:
      settings - Settings include the initial node's settings and all decrypted secure settings from the keystore. Absence of a particular secure setting may mean that the setting was either never configured or that it was simply removed.
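
The reload contract described above, shown as an added example in plain Java; it is not Elasticsearch or JwtRealm code. A `Map<String, char[]>` stands in for the `Settings` argument, and the key name `example.shared_secret` and the 16-character minimum are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

// Added example. Map<String, char[]> stands in for the Settings argument and
// "example.shared_secret" is a made-up key; neither is an Elasticsearch API.
public class ReloadSketch {
    static final String KEY = "example.shared_secret"; // hypothetical setting name
    private byte[] activeDigest = new byte[0];          // empty = no secret configured
    private int rebuilds = 0;

    // Finishes all work before returning and keeps no reference to the input.
    public synchronized void reload(Map<String, char[]> settings) {
        char[] secret = settings.get(KEY);               // null: never configured, or removed
        if (secret != null && secret.length < 16) {      // this example's own policy
            // Failure is signalled by an exception; the previous state stays active.
            throw new IllegalArgumentException(KEY + " is shorter than 16 characters");
        }
        byte[] digest = secret == null ? new byte[0] : sha256(secret);
        if (MessageDigest.isEqual(digest, activeDigest)) {
            return;                                      // value unchanged: skip the rebuild
        }
        activeDigest = digest;                           // only the digest outlives the call
        rebuilds++;                                      // stand-in for rebuilding verifiers, expiring caches
    }
    private static byte[] sha256(char[] secret) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(buf);                              // hashes the buffer's remaining bytes
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);          // SHA-256 is required on every JRE
        }
    }
    public static void main(String[] args) {
        ReloadSketch realm = new ReloadSketch();
        Map<String, char[]> s = new HashMap<>();         // constructed sample input
        s.put(KEY, "constructed-sample-secret-1".toCharArray());
        realm.reload(s);                                 // first load: rebuild
        realm.reload(s);                                 // same value again: no rebuild
        s.remove(KEY);
        realm.reload(s);                                 // setting removed: rebuild to the empty state
        System.out.println("rebuilds = " + realm.rebuilds);
    }
}
```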